diff --git a/bundles/bird/metadata.py b/bundles/bird/metadata.py
index a5547d4..38794ba 100644
--- a/bundles/bird/metadata.py
+++ b/bundles/bird/metadata.py
@@ -62,7 +62,8 @@ def neighbor_info_from_wireguard(metadata):
 )
 def my_ip(metadata):
     if node.has_bundle('wireguard'):
-        my_ip = sorted(metadata.get('interfaces/wg0/ips'))[0].split('/')[0]
+        wg_iface = sorted({iface for iface in metadata.get('interfaces').keys() if iface.startswith('wg_')})[0]
+        my_ip = sorted(metadata.get(f'interfaces/{wg_iface}/ips'))[0].split('/')[0]
     else:
         my_ip = str(sorted(repo.libs.tools.resolve_identifier(repo, node.name))[0])
diff --git a/bundles/wireguard/files/wg.netdev b/bundles/wireguard/files/wg.netdev
index de9af7f..493db88 100644
--- a/bundles/wireguard/files/wg.netdev
+++ b/bundles/wireguard/files/wg.netdev
@@ -1,5 +1,5 @@
 [NetDev]
-Name=wg${number}
+Name=wg_${iface}
 Kind=wireguard
 Description=WireGuard connection to ${peer}
diff --git a/bundles/wireguard/items.py b/bundles/wireguard/items.py
index 37d018b..e9f1d71 100644
--- a/bundles/wireguard/items.py
+++ b/bundles/wireguard/items.py
@@ -14,15 +14,15 @@ if node.has_bundle('apt'):
     deps.add('pkg_apt:wireguard')
 health_checks = {}
-for number, (peer, config) in enumerate(sorted(node.metadata.get('wireguard/peers', {}).items())):
-    files[f'/etc/systemd/network/wg{number}.netdev'] = {
+for peer, config in sorted(node.metadata.get('wireguard/peers', {}).items()):
+    files[f'/etc/systemd/network/wg_{config["iface"]}.netdev'] = {
         'content_type': 'mako',
         'source': 'wg.netdev',
         'owner': 'systemd-network',
         'mode': '0600',
         'context': {
             'endpoint': config.get('endpoint'),
-            'number': number,
+            'iface': config['iface'],
             'peer': peer,
             'port': config['my_port'],
             'privatekey': node.metadata.get('wireguard/privatekey'),
diff --git a/bundles/wireguard/metadata.py b/bundles/wireguard/metadata.py
index b19ca8c..e409e86 100644
--- a/bundles/wireguard/metadata.py
+++ b/bundles/wireguard/metadata.py
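Review bot: The added `wg_iface = sorted({...})[0]` line makes the address bird uses for this node depend on whichever sanitized peer name sorts first, so adding a peer whose name sorts before the current one silently changes the node's announced IP, and when no `wg_` interface is present (wireguard bundle enabled, no peers) the `[0]` fails with a bare IndexError. I would make both explicit: `wg_ifaces = sorted(i for i in metadata.get('interfaces', {}) if i.startswith('wg_'))` followed by `if not wg_ifaces: raise ValueError(f'{node.name}: no wg_ interface to derive the bird IP from')`, plus a comment saying the lowest-sorting tunnel is chosen deliberately. The filter is by name prefix only, so any non-wireguard interface named `wg_…` in metadata would also be picked up. my_ip continues past the end of the hunk.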
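Review bot: The `files[f'/etc/systemd/network/wg_{config["iface"]}.netdev']` assignment on the new second loop line is keyed by a derived name, and a second peer whose `iface` collides simply overwrites the first entry — one tunnel vanishes from the generated config with no error, which the old `wg{number}` keys could not do. Because `iface` comes from regex substitution plus truncation in a metadata reactor elsewhere, collisions for long or similarly named peers are plausible; a guard such as `if f'/etc/systemd/network/wg_{config["iface"]}.netdev' in files: raise ValueError(f'duplicate wireguard iface for peer {peer}')` before the assignment turns that into a visible failure (how bundlewrap surfaces an exception from items.py I am inferring, not seeing here). The loop body continues past the end of the hunk.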
@@ -1,4 +1,5 @@
 from ipaddress import ip_network
+from re import sub
 from bundlewrap.exceptions import NoSuchNode
 from bundlewrap.metadata import atomic
@@ -39,20 +40,18 @@ if node.has_bundle('telegraf'):
 @metadata_reactor.provides(
     'wireguard/peers',
 )
-def peer_psks(metadata):
+def peer_psks_and_iface_names(metadata):
     peers = {}
     for peer_name in metadata.get('wireguard/peers', {}):
-        peers[peer_name] = {}
+        peers[peer_name] = {
+            'iface': sub('[^a-z0-9-_]+', '_', peer_name)[:20],
+        }
         if node.name < peer_name:
-            peers[peer_name] = {
-                'psk': repo.vault.random_bytes_as_base64_for(f'{node.name} wireguard {peer_name}'),
-            }
+            peers[peer_name]['psk'] = repo.vault.random_bytes_as_base64_for(f'{node.name} wireguard {peer_name}')
         else:
-            peers[peer_name] = {
-                'psk': repo.vault.random_bytes_as_base64_for(f'{peer_name} wireguard {node.name}'),
-            }
+            peers[peer_name]['psk'] = repo.vault.random_bytes_as_base64_for(f'{peer_name} wireguard {node.name}')
     return {
         'wireguard': {
@@ -156,12 +155,12 @@ def peer_endpoints(metadata):
 def icinga2(metadata):
     services = {}
-    for number, (peer, config) in enumerate(sorted(metadata.get('wireguard/peers', {}).items())):
+    for peer, config in sorted(metadata.get('wireguard/peers', {}).items()):
         if config.get('exclude_from_monitoring', False):
             continue
         services[f'WIREGUARD CONNECTION {peer}'] = {
-            'command_on_monitored_host': config['pubkey'].format_into(f'sudo /usr/local/share/icinga/plugins/check_wireguard_connected wg{number} {{}}'),
+            'command_on_monitored_host': config['pubkey'].format_into(f'sudo /usr/local/share/icinga/plugins/check_wireguard_connected wg_{config["iface"]} {{}}'),
         }
     return {
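Review bot: The `iface` value built on the added `'iface': sub('[^a-z0-9-_]+', '_', peer_name)[:20]` line may be 20 characters long, yet the other hunks use it as `wg_{iface}` for the netdev `Name=`, the nftables `iifname`/`oifname` rules and the icinga check, and Linux interface names are limited to 15 characters (IFNAMSIZ is 16 including the terminator) — any peer name longer than 12 characters after sanitizing yields a netdev systemd-networkd cannot create, and rules that never match. The regex collapsing every run of other characters to a single `_` plus the truncation also lets two distinct peers map to the same iface, which every downstream dict consumer overwrites silently. I would cut the slice to 12 and fail loudly on collisions here, once, rather than in each consumer; the exception type below is a placeholder for whatever this repo uses for configuration errors.
```python
def peer_psks_and_iface_names(metadata):
    peers = {}
    iface_owner = {}
    for peer_name in metadata.get('wireguard/peers', {}):
        # Kernel limit is 15 chars for the whole name; the 'wg_' prefix leaves 12.
        iface = sub('[^a-z0-9-_]+', '_', peer_name)[:12]
        if iface in iface_owner:
            raise ValueError(
                f'{node.name}: wireguard peers {iface_owner[iface]!r} and {peer_name!r} '
                f'both map to interface wg_{iface}'
            )
        iface_owner[iface] = peer_name
        peers[peer_name] = {
            'iface': iface,
        }
        # … unchanged: psk derivation via repo.vault …
    # … unchanged: return …
```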
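Review bot: The `command_on_monitored_host` line now splices `config["iface"]` into a `sudo` command string, and that is only safe because the reactor building `iface` restricts it to `[a-z0-9-_]`; nothing on this line records that dependency. Add a comment above it, e.g. `# iface is restricted to [a-z0-9-_] by peer_psks_and_iface_names, so it is safe to embed in the shell command`, so a later change to the sanitizer, or an `iface` set directly in node metadata if the merge allows that (I cannot tell from this hunk), is caught in review. icinga2 continues past the end of the hunk.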
@@ -198,12 +197,12 @@ def firewall(metadata):
 )
 def interface_ips(metadata):
     interfaces = {}
-    for number, (peer, config) in enumerate(sorted(metadata.get('wireguard/peers', {}).items())):
+    for peer, config in sorted(metadata.get('wireguard/peers', {}).items()):
         if '/' in config['my_ip']:
             my_ip = config['my_ip']
         else:
             my_ip = '{}/31'.format(config['my_ip'])
-        interfaces[f'wg{number}'] = {
+        interfaces[f'wg_{config["iface"]}'] = {
             'ips': {
                 my_ip,
             },
@@ -221,9 +220,9 @@ def snat(metadata):
         raise DoNotRunAgain
     rules = set()
-    for number, (peer, config) in enumerate(sorted(metadata.get('wireguard/peers', {}).items())):
-        rules.add(f'inet filter forward iifname wg{number} accept')
-        rules.add(f'inet filter forward oifname wg{number} accept')
+    for peer, config in sorted(metadata.get('wireguard/peers', {}).items()):
+        rules.add(f'inet filter forward iifname wg_{config["iface"]} accept')
+        rules.add(f'inet filter forward oifname wg_{config["iface"]} accept')
         if 'snat_to' in config:
             rules.add('nat postrouting ip saddr {} ip daddr != {} snat to {}'.format(
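Review bot: The `interfaces[f'wg_{config["iface"]}']` key on the changed line is what bundles/bird/metadata.py now filters on by the `wg_` prefix, and that coupling is invisible here; a comment such as `# the wg_ prefix is relied on by bird's my_ip reactor — keep them in sync` would save the next person who renames it. The derived key also means two peers with colliding `iface` values collapse into one entry holding only the last peer's `ips`, whereas the old `wg{number}` keys were unique by construction; if collisions are rejected where `iface` is generated this is fine, otherwise `if f'wg_{config["iface"]}' in interfaces: raise ValueError(...)` belongs before the assignment. interface_ips continues past the end of the hunk.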
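Review bot: On the new `for peer, config in sorted(...)` line `peer` is not used anywhere in the hunk and `rules` is a set, so the sort buys nothing; `for config in metadata.get('wireguard/peers', {}).values():` is the plainer form, unless `peer` is used in the part of the loop below the hunk. The `iifname`/`oifname` matches only do anything if the kernel interface is really named `wg_{iface}`, so a name over the 15-character interface limit leaves these forward-accept rules permanently dead rather than failing — worth a one-line comment here pointing at where the length is enforced. snat continues past the end of the hunk.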